Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-6783
HistoryAug 17, 2017 - 8:29 p.m.

CVE-2017-6783

2017-08-1720:29:00
CWE-200
cisco
web.nvd.nist.gov
40
vulnerability
snmp polling
cisco
web security appliance
email security appliance
content security management appliance
cve-2017-6783
nvd
exploit

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).

Affected configurations

Nvd
Node
ciscocontent_security_management_applianceMatch10.1.0-037
OR
ciscoemail_security_applianceMatch9.7.2-065
OR
ciscoweb_security_applianceMatch10.0.0-230
VendorProductVersionCPE
ciscocontent_security_management_appliance10.1.0-037cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*
ciscoemail_security_appliance9.7.2-065cpe:2.3:a:cisco:email_security_appliance:9.7.2-065:*:*:*:*:*:*:*
ciscoweb_security_appliance10.0.0-230cpe:2.3:a:cisco:web_security_appliance:10.0.0-230:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Web Security Appliance (WSA)",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0-230"
      }
    ]
  },
  {
    "product": "Email Security Appliance (ESA)",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "9.7.2-065"
      }
    ]
  },
  {
    "product": "Content Security Management Appliance (SMA)",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0-037"
      }
    ]
  }
]

Related

openvas 3
cisco 1
cvelist 1
prion 1
nvd 1
openvas
openvas
Cisco Content Security Management Appliance SNMP Polling Information Disclosure Vulnerability
2017-08-17 00:00:00
Cisco Email Security Appliance SNMP Polling Information Disclosure Vulnerability
2017-08-17 00:00:00
Cisco Web Security Appliance SNMP Polling Information Disclosure Vulnerability
2017-08-17 00:00:00
cisco
cisco
Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
2017-08-16 16:00:00
cvelist
cvelist
CVE-2017-6783
2017-08-17 20:00:00
prion
prion
Design/Logic Flaw
2017-08-17 20:29:00
nvd
nvd
CVE-2017-6783
2017-08-17 20:29:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON
Related for CVE-2017-6783
openvas3cisco1cvelist1prion1nvd1